Thread: VPN inside the router

  1. #16
    Join Date
    Dec 2004
    Location
    The Netherlands
    Posts
    29
    Quote Originally Posted by mctiew
    Missed one step, before make dep, I would do a make oldconfig.

    Cheers
    Ok, thanks a lot. I will give it a try when I have time. Up till now I reinstalled the whole source tree again and although it works, it is a bit too much.

    Anyway, that way I already managed to compile the st680 module. When copied to the filesystem that now resides on a 64 MB usb memory stick now, the camera is at least recognized at kernel level. I can even get data from /dev/video.

    This is great fun! Thanks Oleg for making this available.

  2. #17
    Join Date
    Dec 2004
    Location
    The Netherlands
    Posts
    29
    Quote Originally Posted by mctiew
    Missed one step, before make dep, I would do a make oldconfig.

    <plus other related post>

    Cheers
    After all I found that 'make menuconfig' works even better and is less prone to errors if you don't know what all the options mean. For those that don't have or want to use ncurses, 'make config' will do roughly the same.

    After this, just 'make' and 'make install' in the 'gateway' directory and you are set. Doing a 'make menuconfig' in the 'gateway' directory will let you configure both the router environment and the Linux kernel (two separate configs by the way).

  3. #18
    Hi! I would use VPN on WL too. Can you send me bin?
    best regards
    Pirat

  4. #19
    Join Date
    Dec 2004
    Location
    The Netherlands
    Posts
    29
    Quote Originally Posted by Pirat
    Hi! I would use VPN on WL too. Can you send me bin?
    I would if it was working. And despite the fact I got it working to the point it is actually accepting a connection and starting the PPP daemon, it thereafter fails with some GRE related messages. I didn't have time to go into details figuring out the problem yet. It seems that somewhere somehow a sort of handshaking (this is the level of detail I'm at now ) goes wrong.

    In case you want to give it a try anyway, fetch the binary here.

    http://www.deboer.demon.nl/pptpd-wl500g.zip

  5. #20
    Thank you!
    best regards
    Pirat

  6. #21
    Join Date
    Dec 2004
    Location
    The Netherlands
    Posts
    29
    Quote Originally Posted by Feico de Boer
    I would if it was working. And despite the fact I got it working to the point it is actually accepting a connection and starting the PPP daemon, it thereafter fails with some GRE related messages. I didn't have time to go into details figuring out the problem yet. It seems that somewhere somehow a sort of handshaking (this is the level of detail I'm at now ) goes wrong.

    In case you want to give it a try anyway, fetch the binary here.

    http://www.deboer.demon.nl/pptpd-wl500g.zip
    Ok, these are the errors from the syslog. Can anybody give me a clue if I'm close or lost? As far as I can see I have all NAT GRE and connection tracking stuff applicable compiled into the kernel.

    Mar 11 00:12:01 pptpd[227]: CTRL: Client 192.168.1.5 control connection started
    Mar 11 00:12:01 pptpd[227]: CTRL: Starting call (launching pppd, opening GRE)
    Mar 11 00:12:01 pppd[228]: pppd 2.4.2 started by admin, uid 0
    Mar 11 00:12:01 pppd[228]: Using interface ppp0
    Mar 11 00:12:01 pppd[228]: Connect: ppp0 <--> /dev/pts/2
    Mar 11 00:12:01 kernel: ip_conntrack_pptp: error during exp_gre
    Mar 11 00:12:02 kernel: ip_conntrack_pptp: error during exp_gre
    Mar 11 00:12:04 kernel: ip_conntrack_pptp: error during exp_gre
    Mar 11 00:12:07 kernel: ip_conntrack_pptp: error during exp_gre
    Mar 11 00:12:14 kernel: ip_conntrack_pptp: error during exp_gre
    Mar 11 00:12:27 kernel: ip_conntrack_pptp: error during exp_gre
    Mar 11 00:12:31 pppd[228]: LCP: timeout sending Config-Requests
    Mar 11 00:12:31 pppd[228]: Connection terminated.
    Mar 11 00:12:31 pppd[228]: Exit.
    Mar 11 00:12:31 pptpd[227]: GRE: read(fd=6,buffer=10000500,len=8196) from PTY failed: status = -1 error = Error 5, usually caused by unexpected termination of pppd, check option syntax and pppd logs
    Mar 11 00:12:31 pptpd[227]: CTRL: PTY read or GRE write failed (pty,gre)=(6,8)
    Mar 11 00:12:31 pptpd[227]: CTRL: Client 192.168.1.5 control connection finished

  7. #22
    Join Date
    Dec 2004
    Location
    The Netherlands
    Posts
    29
    In order to get access to the router from the WAN, the post-firewall script needs the following addition:

    # Allow access to PPTP server from WAN
    iptables -A INPUT -p 47 -j ACCEPT
    iptables -A INPUT -p tcp --syn --dport 1723 -j ACCEPT

    This accepts GRE traffic and PPTP TCP traffic.

    It does still not solve my other issue but allows me to connect from WAN too. Previous tests were connecting from the LAN so I didn't notice this first.

  8. #23
    Quote Originally Posted by Feico de Boer
    It does still not solve my other issue but allows me to connect from WAN too. Previous tests were connecting from the LAN so I didn't notice this first.
    I am wondering how do you compile the pptp and how
    do you set it up. Lots of things have been shown here,
    but there is very little about how you actually set it up.
    For example, how does your pptp configuration file look like.

    Cheers

  9. #24
    Join Date
    Dec 2004
    Location
    The Netherlands
    Posts
    29
    Quote Originally Posted by mctiew
    I am wondering how do you compile the pptp and how
    do you set it up. Lots of things have been shown here,
    but there is very little about how you actually set it up.
    For example, how does your pptp configuration file look like.

    Cheers
    I'm actually using the compile time options because there is no pptpd.conf file. I modified the compile time options such that they correspond with the system settings. I don't have the stuff around right now but is there anything specific I should consider looking at.

    Right now it is set up correctly to call the PPPD as is found in Oleg's 1.9.2.7-3c version firmware and the syslog shows it is actually doing that. Once it is there communication fails.

  10. #25
    Quote Originally Posted by Feico de Boer
    I'm actually using the compile time options because there is no pptpd.conf file. I modified the compile time options such that they correspond with the system settings. I don't have the stuff around right now but is there anything specific I should consider looking at.

    Right now it is set up correctly to call the PPPD as is found in Oleg's 1.9.2.7-3c version firmware and the syslog shows it is actually doing that. Once it is there communication fails.
    Interesting interesting but those options are what is needed
    to get it to work, without which we can only depend on the crystal balls.

    Cheers

  11. #26
    Join Date
    Dec 2004
    Location
    The Netherlands
    Posts
    29
    Quote Originally Posted by mctiew
    Interesting interesting but those options are what is needed
    to get it to work, without which we can only depend on the crystal balls.

    Cheers
    I think the following two files determine default settings:

    config.embed.h:
    #define HAVE_OPENPTY 1
    #define STDC_HEADERS 1
    #define HAVE_SETSID 1
    #define HAVE_MEMMOVE 1
    #define HAVE_STRING_H 1
    #define HAVE_STRLCPY 1
    #define PPP_BINARY "/usr/sbin/pppd"
    #define BCRELAY_BIN "/usr/sbin/bcrelay"
    #define SBINDIR "/usr/sbin"

    defaults.h:
    /*
    * defaults.h
    *
    * This file contains some tuneable parameters, most of which can be overriden
    * at run-time (note, MAX_CONNECTIONS can't!).
    *
    * $Id: defaults.h,v 1.6 2004/04/28 11:36:07 quozl Exp $
    */

    #ifndef _PPTPD_DEFAULTS_H
    #define _PPTPD_DEFAULTS_H

    /* Definitions for true and false */

    #ifndef FALSE
    #define FALSE 0
    #define TRUE !FALSE
    #endif

    /* String sizes for the config file */

    #define MAX_CONFIG_FILENAME_SIZE 256
    #define MAX_CONFIG_STRING_SIZE 512

    /* For IP parser */

    #define LOCAL 0
    #define REMOTE 1

    /* Default configuration values, mostly configurable */

    #if !defined(PPPD_IP_ALLOC)
    #define MAX_CONNECTIONS 16
    #define DEFAULT_LOCAL_IP_LIST "192.168.2.1-127"
    #define DEFAULT_REMOTE_IP_LIST "192.168.3.1-127"
    #endif

    #define MAX_CALLS_PER_TCP_LINK 128

    #ifdef PNS_MODE
    #define MAX_CALLS 60
    #endif

    #define PPP_SPEED_DEFAULT "115200"
    #if EMBED
    #define PPTPD_CONFIG_FILE_DEFAULT "/etc/config/pptpd.conf"
    #else
    #define PPTPD_CONFIG_FILE_DEFAULT "/etc/pptpd.conf"
    #endif
    #define PIDFILE_DEFAULT "/var/run/pptpd.pid"

    #define STIMEOUT_DEFAULT 10 /* seconds */

    /* Location of binaries */

    #define PPTP_CTRL_BIN SBINDIR "/pptpctrl"
    #define PPTPD_BIN SBINDIR "/pptpd"
    #ifndef BCRELAY_BIN
    #define BCRELAY_BIN SBINDIR "/bcrelay"
    #endif

    /* Parameters permitted in the config file */

    #define SPEED_KEYWORD "speed"
    #define PPPD_OPTION_KEYWORD "option"
    #define DEBUG_KEYWORD "debug"
    #ifdef BCRELAY
    #define BCRELAY_KEYWORD "bcrelay"
    #endif
    #define LOCALIP_KEYWORD "localip"
    #define REMOTEIP_KEYWORD "remoteip"
    #define LISTEN_KEYWORD "listen"
    #define PIDFILE_KEYWORD "pidfile"
    #define STIMEOUT_KEYWORD "stimeout"
    #define NOIPPARAM_KEYWORD "noipparam"
    #define PPP_BINARY_KEYWORD "ppp"
    #define LOGWTMP_KEYWORD "logwtmp"

    #endif /* !_PPTPD_DEFAULTS_H */

  12. #27
    Quote Originally Posted by Feico de Boer
    I think the following two files determine default settings:
    Among other things, I think the following are missing :-

    1. pptpctrl - where is this program ?
    2. authentication - the server is not going to allow every tom dick or harry to connect to, so where is the authentication part ?
    3. mppe settings - there are quite a few mppe settings needed.

    You may not agree with me, I would think you might want to use a working configuration file as a starting point.

    Cheers.

  13. #28
    Join Date
    Jul 2005
    Location
    Moscow
    Posts
    10

    Question

    Quote Originally Posted by mctiew
    Among other things, I think the following are missing :-

    1. pptpctrl - where is this program ?
    2. authentication - the server is not going to allow every tom dick or harry to connect to, so where is the authentication part ?
    3. mppe settings - there are quite a few mppe settings needed.

    You may not agree with me, I would think you might want to use a working configuration file as a starting point.

    Cheers.
    Where can I get pptpctrl compiled for MIPS cpu?
    We have no compiler in wl-500gx... (also we haven't a normal tar)
    I need to run VPN server on wl500g in some days. Please, help.
    I heard some people done it successful.. my mail: stepdi(woof)mail(dot)ru

    Sorry for poor English..

  14. #29
    Join Date
    Jul 2005
    Location
    Moscow
    Posts
    10
    sorry for my english...

    I installed poptop (ipkg install poptop), set it up..
    I can connect to pptp from lan, but can't connect from WAN.

    I entered some commands (iptables)..
    # Allow access to PPTP server from WAN
    iptables -A INPUT -p 47 -j ACCEPT
    iptables -A INPUT -p tcp --syn --dport 1723 -j ACCEPT

    But I also can't connect from WAN. There is no info about connection in the syslog.

    Please help! I need working PPTP server in few days

  15. #30
    The problem is, that the last rule in the firewall chains is a "DROP" and appending a rule with "-A" after that doesn't help. Try

    iptables -I INPUT -p 47 -j ACCEPT
    iptables -I INPUT -p tcp --syn --dport 1723 -j ACCEPT

    instead, to insert the rule. I would suggest to change the policy to "DROP" rather than having a rule at the end of the chain.

    Darkstar.
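
The rule-ordering problem described in the last post, as an added example that is not part of the original thread: a shell check that reads INPUT-chain rules in `-A INPUT ...` form and reports whether the GRE (protocol 47) and TCP 1723 ACCEPT rules are evaluated before the first unconditional DROP. The function name `pptp_rule_status` and both sample chains are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). First-match check on INPUT-chain rules.
# Reads rules in "-A INPUT ..." form on stdin and prints, for GRE (IP protocol
# 47) and TCP/1723, whether the ACCEPT rule is reachable, shadowed by an
# earlier catch-all DROP, or missing. pptp_rule_status is a hypothetical name.
pptp_rule_status() {
    awk '
    function state(pos) {
        if (!pos) return "missing"
        if (drop && pos > drop) return "shadowed"
        return "reachable"
    }
    $1 == "-A" && $2 == "INPUT" {
        n++
        rest = ""
        for (i = 3; i <= NF; i++) rest = rest " " $i
        # A rule with no match options and target DROP stops every packet here.
        if (rest == " -j DROP" && !drop) drop = n
        if (rest ~ / -j ACCEPT$/) {
            if (rest ~ / -p (47|gre) / && !gre) gre = n
            if (rest ~ / -p tcp / && rest ~ / --dport 1723 / && !tcp) tcp = n
        }
    }
    END { print "gre", state(gre); print "tcp1723", state(tcp) }'
}

# Constructed sample: chain ending in a catch-all DROP, PPTP rules appended with -A.
appended_chain() {
cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p 47 -j ACCEPT
-A INPUT -p tcp --syn --dport 1723 -j ACCEPT
EOF
}

# Constructed sample: same chain after -I, which puts each new rule at position 1.
inserted_chain() {
cat <<'EOF'
-A INPUT -p tcp --syn --dport 1723 -j ACCEPT
-A INPUT -p 47 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -j DROP
EOF
}

echo "appended:"; appended_chain | pptp_rule_status
echo "inserted:"; inserted_chain | pptp_rule_status
```

On a live system the input would be the `-A INPUT` lines printed by `iptables-save`.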
